← back
CVE-2007-2999

CVE-2007-2999

EPSS 1.6%
Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/36138http://secunia.com/advisories/25457http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/http://www.securityfocus.com/bid/24248